And attached Action items for the chairs are marked *in bold*
# IETF 121 (Dublin) TLS Working Group Meeting

Friday, November 8, 2024
Session II, 13:00 - 15:00
The Auditorium

## Agenda

## Working Group Items

* Administrivia - chairs (5 min)

  RichS taking notes (*your name here*)
  No agenda updates

* TLS Tussle Update - Sean

  Got consensus on the problem statement. One proposal submitted. Another draft coming.
  Deadline for submissions 20 Dec, then 13 Jan call for adoption.
  This has been done before, just make sure complete draft, not skeleton/IOU draft.
  Discussion about the schedule.
  AD input: this is fair, consider having an interim in January if you get other drafts.
  Sean: One take-away: we need to be better/earlier about fixing specific deadlines. We will move forward with this plan and take it to the list.

* Registry Updates - Rich Salz

  A stunning presentation. I laughed, I cried, I was moved.

* ECH Discussion - Eric Rescorla

  Review of GH issues:

  - 628; DNS issues from AD review. DavidBen: no strong opinions; BenS: it is tricky because the name is based on what URI thinks names are (not X509, not DNS, etc). Paul suggests using a DNS name and saying "don't use something confused with IPaddrs". Discussion. No consensus, will defer to the AD once they provide a recommendation.
  - 630; Extraneous configs must have invalid DNS names? Plan on using a name in ".invalid" TLD, probably as a MAY so you can redirect to an error page, e.g.
  - 629; Should we recommend how often to rotate keys? Stephen: recall that DNS times are a choke-point here. BenS: Replace "frequently" with "regularly", do not specify a specific number. Much support. That's the plan now.
  - 631; More guidance on greasing. Internal note

  Will get new draft before Dec 20

* FATT Updates - Joe

  See slides for details of current proposal, particularly page 3.
  Working on getting at least two more members into the analysis team.
  Discussion.
  Stephen: don't think private discussion is in best interests of TLS, IETF.
  Joe: it would be better.
  Stephen: let's encourage, now, not to be private.
  Deirdre: we have parties who want to contribute, and want space to work it out amongst themselves.
  Mohammed: in favor of more openness.
  Sean: we can ask them about being public.
  Mohammed: suggest putting point person on the DT per-document page.
  Sean: waiting to hear back from point person for Russ's draft. Then have three other drafts likely to go to the panel.
  **CHAIRS ACTION ITEM** Please list the specific drafts!

* DTLS Clarifications - David Benjamin

  Slides enumerate 13 particular issues found while working on an implementation.
  EKR: Publish 9147 as 9147bis-00, call for adoption. Create a repo.
  Sean: Can we skip call for adoption?
  Paul: I'll check the process, and let you know; I have no problem with it.

* Abridged Certs Update - Dennis Jackson

  Got feedback that pass 2 (compress end-entity cert) was more complex than worth.
  Propose to use Brotli with no dictionary (about 200 bytes cost).
  Propose in-line compression dictionary for CCADB cert list.
  Rich: Use CCADB timestamp/version instead of inlining the dictionary.
  Kyle: I like Zstd. Please leave window open to switch from Brotli back to Zstd.
  Alessandro: there are various proposals to elide intermediates, hope we can settle on one method.
  Sean: when do WGLC?
  Dennis: I want to do some of the experiments, and if they go well, might request move to standards track.
  Sean: so maybe in fall?
  Dennis: yes.
  Alessandro: we can't do experiments earlier than 25Q1.

* Extended Key Update - Yaroslav Rosomakho

  See slides for details.
  Yaroslav: no open issues, ready for next steps (analysis sniff update).
  Sean: will mark as "update sslkeylogfile RFC?"
  Yaroslav: yes, once it has an RFC number.
  EKR: Don't need to wait for DTLS1.3bis to get a code point.

* SSLKeylog ECH - Yaroslav Rosomakho

  See slides for details.
  Supported by latest Wireshark build.
  Adding a new IANA registry for SSLKEYLOGFILE labels.
  **CHAIRS ACTION ITEM** We'll start WGLC before end of November.
  Sean will talk with Martin about moving the IANA section to the base doc.

* draft-fossati-tls-attestation - Hannes Tschofenig

  Attestation is happening in several places in IETF and related: attested TLS, attested CSR, RFC 9261, formal verification; implementations exist.
  Use cases include confidential computing, device onboarding; web is not a use case.
  EKR: Are you trying to attest "I am the only entity that has access to the keys?"
  Hannes: yes
  MikeO: Is "are you allowed on the corporate VPN?" a web use-case?
  Hannes: no, but others are working on this problem not using these techniques.
  MontyW: I would like to see this useful for slow compute devices like TPMs
  Hannes: looking for adoption as an experimental doc.
  **Decision: Need more discussion on the list before issuing adoption call.**

* draft-kwiatkowski-tls-ecdhe-mlkem - Kris Kwiatkowski

  See slides for details.
  Discussion about order of the component parts.

## Additional Items (Time Permitting)

* draft-connolly-tls-mlkem-key-agreement - Deirdre Connolly